Hello,

I'm trying to create a two-way encryption algorithm for my users' passwords. I need it to be encrypted, but without the preset encryption pass (what I set) (salt?) the original password cannot be decrypted.

+1  A: 

To save it:

$userPasswordInput = $_POST['password'];

$salt = bin2hex(random_bytes(16)); // ideally, generate one randomly and save it to the db; otherwise, use a constant saved to the PHP file

$password = sha1($userPasswordInput . $salt);

Save $password (and preferably $salt) to the db. When comparing, concatenate the salt and the user input, sha1 it (or whichever encryption), then compare it to the saved (encrypted + salted) password.

etteling
I suppose this would work for encryption, but I can't decrypt it and get the password back using the $salt?
Daniel
A: 

For two-way encryption this is called a "key", not a "salt". Check out the mcrypt functions.

stereofrog
I'm going to be using this on multiple servers/sites running PHP. Most do not have that extension installed. It'd be hard to update every server/site as well.
Daniel
Find a pure PHP implementation then, e.g. http://pear.php.net/package/Crypt_Blowfish. Don't know about the quality though.
stereofrog
I need something that's built into PHP.
Daniel
"Something"? What exactly are you looking for?
stereofrog
I'm simply looking for a couple of functions I can use to encode and decode a hash. I want a hash to be only decodable if the correct key was used (the one inputted when encoding).
Daniel
There's no built-in two-way encryption function in PHP. You have to install mcrypt, or take the PEAR implementation, or write your own.
stereofrog
A: 

I did it this way:

create a $user + $password

$saltedHash = md5($salt.$password);

Now you have an encrypted password ($saltedHash) to save to the db.

If somebody tries to log in, you do the same with the inputted password and compare it with the one in the db.

ESCOBAR
A: 

The easiest way (though very wasteful in terms of storage) is to generate a random string and XOR it to the password. (As someone already pointed out, this is called a key, not a salt.) This is called a one-time pad. As the name implies, you cannot reuse the same key for multiple passwords.

Tgr
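
The one-time pad described in the answer above, as an added PHP example that is not part of the original thread. The function names otpEncrypt and otpDecrypt and the sample strings are constructed for illustration, and random_bytes() assumes PHP 7 or later.

```php
<?php
// Added example (not from the thread): one-time pad via byte-wise XOR.
// otpEncrypt/otpDecrypt are hypothetical helper names.

function otpEncrypt(string $plaintext): array
{
    $len = strlen($plaintext);
    if ($len === 0) {
        throw new InvalidArgumentException('plaintext must not be empty');
    }
    // A fresh random key, exactly as long as the plaintext.
    // This is why the scheme is wasteful in terms of storage.
    $key = random_bytes($len);

    // PHP's ^ operator XORs two strings byte by byte.
    return ['key' => $key, 'ciphertext' => $plaintext ^ $key];
}

function otpDecrypt(string $ciphertext, string $key): string
{
    // ^ silently truncates to the shorter operand, so check lengths first.
    if (strlen($ciphertext) !== strlen($key)) {
        throw new InvalidArgumentException('key and ciphertext lengths differ');
    }
    return $ciphertext ^ $key;
}

// Constructed sample passwords of equal length.
$p1 = 'correct horse';
$p2 = 'battery stapl';

// Round trip: compare the decrypted value with the original input.
$r1 = otpEncrypt($p1);
var_dump(otpDecrypt($r1['ciphertext'], $r1['key']) === $p1);

// Why the key cannot be reused: encrypting a second password with the
// same key makes the key cancel out when the two ciphertexts are XORed,
// leaving p1 XOR p2 visible to anyone holding only the ciphertexts.
$c2 = $p2 ^ $r1['key'];
var_dump(($r1['ciphertext'] ^ $c2) === ($p1 ^ $p2));

// Hex form suitable for a text column in the db.
echo bin2hex($r1['ciphertext']), PHP_EOL;
```

The key has to be kept apart from the ciphertext, because anyone who holds both can recover the password.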